<?php
	// Resume the caller's session: $_SESSION['userid'] is read below as the author of every post and comment.
	session_start();
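	/**
	 * Open the MySQL connection used by the mysql_* calls in this file and select the database.
	 *
	 * The included config file is expected to define $mysql_host, $mysql_user, $mysql_pass and
	 * $mysql_dbname. The mysql_query() calls in this file pass no link argument, so they run on
	 * the most recently opened connection.
	 * Failures are written to the server error log only: nothing is returned, and the driver's
	 * error text is never sent to the client.
	 *
	 * NOTE(review): ext/mysql is deprecated since PHP 5.5 and removed in PHP 7.0; PDO or mysqli
	 * with prepared statements is the durable replacement for the string-built queries here.
	 *
	 * @return void
	 */
	function mysqlConnect_PHP(){
		// include runs in function scope, so the $mysql_* settings stay local to this call.
		include('../config/config.inc.php');
		$db = mysql_connect($mysql_host, $mysql_user, $mysql_pass);
		if($db === false)
		{
			// Previously ignored: callers went on to query without the intended connection.
			error_log('mysqlConnect_PHP: connection failed: '.mysql_error());
			return;
		}
		if(!mysql_select_db($mysql_dbname, $db))
		{
			error_log('mysqlConnect_PHP: database selection failed: '.mysql_error($db));
		}
	}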
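	/**
	 * Fetch the first row of table $dbname whose `userid` column equals $userid.
	 *
	 * Despite its name, $dbname is used as a table name. Identifiers cannot be escaped like
	 * values, so it is restricted to letters, digits and underscores. $userid is escaped before
	 * it goes into the quoted literal, because a caller in this file passes request data
	 * ($_POST['wall']) as $userid.
	 *
	 * @param mixed  $userid value compared against the `userid` column
	 * @param string $dbname table to read from
	 * @return array|int|null the row from mysql_fetch_array(); 0 when $userid is empty; null when
	 *                        an argument is rejected, the query fails or no row matches
	 */
	function getDBrowID($userid, $dbname)
	{
		if(empty($userid))
			return 0;
		// Reject anything that cannot be a plain value / plain identifier before touching the database.
		if(!is_scalar($userid) || !is_string($dbname) || !preg_match('/^[A-Za-z0-9_]+\z/', $dbname))
			return null;

		mysqlConnect_PHP();
		// mysql_real_escape_string() needs the open connection, hence after mysqlConnect_PHP().
		$safeUserid = mysql_real_escape_string((string)$userid);
		$query = "SELECT * FROM `".$dbname."` WHERE userid='".$safeUserid."';";
		$result = mysql_query($query);
		if($result === false)
			return null;

		// Only the first matching row is ever returned.
		$row = mysql_fetch_array($result);
		return ($row === false) ? null : $row;
	}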
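	// Handler: store a wall post built from the 'privat', 'msg' and 'wall' request fields and
	// echo the HTML fragment for it. Requires a session user, since $_SESSION['userid'] is the author.
	// NOTE(review): no anti-CSRF token is checked in this handler; confirm where that is enforced.
	if(isset($_POST['privat'], $_POST['msg'], $_POST['wall']) && !empty($_SESSION['userid'])
		&& is_string($_POST['privat']) && is_string($_POST['msg']) && is_string($_POST['wall']))
	{
		// The original stripslashes() on output suggests magic_quotes_gpc was expected; undo it
		// once here so that storage and display both work on the text as the user typed it.
		$magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
		$msg = $magicQuotes ? stripslashes($_POST['msg']) : $_POST['msg'];
		$wall = $magicQuotes ? stripslashes($_POST['wall']) : $_POST['wall'];

		if((strlen($msg) > 0) && (strlen($msg) <= 1000))
		{
			mysqlConnect_PHP();
			// Connection charset for the statements below.
			mysql_query("set names 'utf8'");

			$now = new DateTime();
			$date = $now->format('d.m.Y');
			$time = $now->format('H:i:s');

			// Only the integer value of the visibility flag is stored and compared.
			$privat = (int)$_POST['privat'];
			// A post on somebody else's wall is never stored as public (0).
			if(($privat == 0) && (!($_SESSION['userid'] == $wall)))
			{
				$privat = 1;
			}

			// Every request-derived value is escaped; the original escaped 'msg' into $save_msg
			// but then concatenated the raw $_POST values into the statement.
			$insertSql = "INSERT INTO posts(`userid`, `wall`, `post`, `public`, `date`, `time`) values('"
				.mysql_real_escape_string($_SESSION['userid'])."', '"
				.mysql_real_escape_string($wall)."', '"
				.mysql_real_escape_string($msg)."', '"
				.$privat."', '".$date."', '".$time."');";
			if(mysql_query($insertSql) === false)
			{
				// Log server-side only; driver error text must not reach the response.
				error_log('wall post insert failed: '.mysql_error());
			}

			$infos = getDBrowID($_SESSION['userid'], 'profile');
			?>
				<div id="status_msg">
					<?php
						// Full open tag: with short_open_tag disabled, "<?" blocks are sent to the browser as text.
						if(empty($infos['profilepic']))
							echo '<img src="img/nouser.png" alt="Fehler"/>';
						else
							echo '<img src="php/userimg/thumbnail_'.htmlspecialchars($infos['profilepic'], ENT_QUOTES).'" alt="Fehler"/>';
					?>
					<div class="status_msg_head">
						<div class="message_names">
							<span value="1"><?php echo htmlspecialchars($infos['vorname']);?></span>
							<span value="2"><?php echo htmlspecialchars($infos['nachname']);?></span>
							<span value="3">[<?php echo htmlspecialchars($infos['username']);?>]</span>
						</div>
						<div class="message_date">
							<span><?php echo $time; ?></span>
							<span><?php echo $date; ?></span>
						</div>
					</div>
					
					<div class="status_msg_text">
						<?php echo nl2br(htmlspecialchars($msg));?>
					</div>
					<div class="status_msg_comment">
						<?php
							if($privat == 1)
							{
								echo '<span class="post_status_public">[Nur Freunde]</span>';
							}
							elseif($privat == 0)
							{
								echo'<span class="post_status_public">[&Ouml;ffentlich]</span>';
							}
							// Which profile (wall) the post was written on
							if($_SESSION['userid'] != $wall)
							{
								// NOTE(review): the request value is handed to getDBrowID() unescaped, so that
								// function is the only place that can make it safe for SQL; confirm it does.
								$wallName = getDBrowID($wall, 'profile');
								// NOTE(review): the link targets the poster's username while the label shows the
								// wall owner's; confirm which profile is meant. The value is URL-encoded for the href.
								echo '<a href="?profile='.urlencode($infos['username']).'"><span><b>@'.htmlspecialchars($wallName['username']).'</b></span></a>';
							}
						?>
					</div>
				</div>
			<?php
		}
	}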
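	// Handler: store a comment on post 'postid' with text 'msg' and echo the HTML fragment for it.
	// Requires a session user, since $_SESSION['userid'] is stored as the comment's author.
	// NOTE(review): nothing here checks that the post exists or that this user may comment on it,
	// and no anti-CSRF token is checked; confirm where those are enforced.
	if(isset($_POST['postid'], $_POST['msg']) && !empty($_SESSION['userid'])
		&& is_string($_POST['postid']) && is_string($_POST['msg']))
	{
		// The original stripslashes() on output suggests magic_quotes_gpc was expected; undo it
		// once here so that storage and display both work on the text as the user typed it.
		$magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
		$msg = $magicQuotes ? stripslashes($_POST['msg']) : $_POST['msg'];
		$postid = $magicQuotes ? stripslashes($_POST['postid']) : $_POST['postid'];

		if((strlen($msg) > 0) && (strlen($msg) <= 1000))
		{
			mysqlConnect_PHP();
			// Connection charset for the statements below.
			mysql_query("set names 'utf8'");

			$now = new DateTime();
			$date = $now->format('d.m.Y');
			$time = $now->format('H:i:s');

			// Every request-derived value is escaped; the original escaped 'msg' into $save_msg
			// but then concatenated the raw $_POST values into the statement.
			$insertSql = "INSERT INTO posts_comments(`postid`, `userid`, `comment`, `date`, `time`) values('"
				.mysql_real_escape_string($postid)."', '"
				.mysql_real_escape_string($_SESSION['userid'])."', '"
				.mysql_real_escape_string($msg)."', '"
				.$date."', '".$time."');";
			if(mysql_query($insertSql) === false)
			{
				// Log server-side only; driver error text must not reach the response.
				error_log('comment insert failed: '.mysql_error());
			}

			$infos = getDBrowID($_SESSION['userid'], 'profile');
			?>
				<div id="comment">
					<?php
						// Full open tag: with short_open_tag disabled, "<?" blocks are sent to the browser as text.
						if(empty($infos['profilepic']))
							echo '<img src="img/nouser.png" alt="Fehler"/>';
						else
							echo '<img src="php/userimg/thumbnail_'.htmlspecialchars($infos['profilepic'], ENT_QUOTES).'" alt="Fehler"/>';
					?>
					<div class="comment_msg_head">
						<div class="message_names">
							<span value="1"><?php echo htmlspecialchars($infos['vorname']);?></span>
							<span value="2"><?php echo htmlspecialchars($infos['nachname']);?></span>
							<span value="3">[<?php echo htmlspecialchars($infos['username']);?>]</span>
						</div>
						<div class="message_date">
							<span><?php echo $time; ?></span>
							<span><?php echo $date; ?></span>
						</div>
					</div>
					
					<div class="comment_msg_text">
						<?php echo nl2br(htmlspecialchars($msg));?>
					</div>
				</div>
			<?php
		}
	}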
?>